No DAO funds at risk following the Ethereum smart contract 'recursive call' bug discovery
A $50 Million Hack Just Showed That the DAO Was All Too Human


[Screenshot residue: blog post on the "recursive call" vulnerability in Ethereum smart contracts, "as can be seen on line 580:"]
Category | #Candidates flagged (distinct) | Candidates without source | #Validated | % of true positives
97 


1504 (438) 1487 


| war 7 
[Suicidal || 1495403) | 1487 | [99 — 
| [ 69 | 


Greedy 1083 
Total | 34,200 (2,365) | 34,019 | 3,759 | 39


Table 1: Final results using invocation depth 3 at block 
height BH. Column 1 reports number of flagged contracts, 
and the distinct among these. Column 2 shows the num- 
ber of flagged which have no source code. Column 3 is 
the subset we sampled for concrete validation. Column 4 
reports true positive rates; the total here is the average TP 
rate weighted by the number of validated contracts. 
Remix

[Diagram: CORE ANALYSIS, EXPLORER, Z3 Bit-Vector Solver, VALIDATOR]

/oyente/oyente# python oyente.py -s hackert
INFO:root:contract hackertest.sol:greeter:
INFO:symExec: EVM Code Coverage: 99.5%
INFO:symExec: Parity Multisig Bug 2: False
INFO:symExec: Callstack Depth Attack Vulnerability: False
INFO:symExec: Transaction-Ordering Dependence (TOD): False
INFO:symExec: Timestamp Dependency: False
INFO:symExec: Re-Entrancy Vulnerability: False
INFO:symExec: ====== Analysis Completed ======
MAIAN

[Screenshot: MAIAN v1.0 GUI. The source pane shows the multi-sig wallet contract (@authors Gav Wood <g@ethdev.com>, contract WalletEvents); the result panes read as follows.]

Type of contract code: Solidity source code
Contract name: WalletLibrary

Settings
Max function invocations: 3
Solver timeout (msec): 10000

Check on PRODIGAL
Vulnerability found
Vulnerability confirmed (see the log below)

Check on SUICIDAL
Vulnerability found
Vulnerability confirmed (see the log below)

Check on GREEDY
Not vulnerable

Suicidal vulnerability found
The following 2 transaction(s) will trigger the contract to be killed
The transactions correspond to the functions:
initwallet(address[] ...
kill(address)
Confirming suicide vulnerability on private chain ... tx[0] mined ... tx[1] mined
Confirmed ! The contract is suicidal !
[ ] Search with call depth: 2

[ ] Compiling Solidity contract from the file example ...
[ ] Connecting to PRIVATE blockchain emptychain ... ESTABLISHED
[ ] Deploying contract .... at address ...
[ ] Contract code length on the blockchain :
[ ] Contract address saved in file: out/Wa...

[ ] Check if contract is SUICIDAL

[ ] Contract address : ...
[ ] Contract bytecode : 60606040526004361061011d576000357c0100000000000000...
[ ] Bytecode length : 16528
[ ] Blockchain contract: True
[ ] Debug : False

[ ] Search with call depth: 1

Suicidal vulnerability found

The following 2 transaction(s) will trigger the contract to be killed:
-Tx[1] :e46dcfeb...
-Tx[2] :cbf0b0c0

The transactions correspond to the functions:

-initwallet(address[],uint256,uint256)

-kill(address)

Confirming suicide vulnerability on private chain ... tx[0] mined ... tx[1] mined

Confirmed ! The contract is suicidal !
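contract ReEntrancy {

    mapping (address => uint) private expendableTokens;

    // Vulnerable ordering: the external call happens before the balance is cleared.
    function stealTokens() public {
        uint amountToLose = expendableTokens[msg.sender];
        if (!(msg.sender.call.value(amountToLose)())) { throw; }
        expendableTokens[msg.sender] = 0;
    }
}

contract Entrancy {

    mapping (address => uint) private expendableTokens;

    // Corrected ordering: the balance is cleared before the external call.
    function stealTokens() public {
        uint amountToLose = expendableTokens[msg.sender];
        expendableTokens[msg.sender] = 0;
        if (!(msg.sender.call.value(amountToLose)())) { throw; }
    }
}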
// Burn DAO Tokens
Transfer(msg.sender, 0, balances[msg.sender]);
withdrawRewardFor(msg.sender); // be nice, and get
totalSupply -= balances[msg.sender];
balances[msg.sender] = 0;
paidOut[msg.sender] = 0;
return true;

Parity


pati @@ -104,7 +104,7 @@ contract WalletLibrary is walletEvents 


// constructor is given number of sigs required to do protected "onlymanyowners" transactions 
// as well as the selection of addresses capable of confirming them. 
- function initMultiowned(address[] _owners, uint required) ( 
+ function initMultiowned(address[] owners, uint required) internal { 
m numOwners = owners,length + 1; 
m owners[1] = uintímsg. sender), 
m ownerIndex[uint(msg.sender)] = 1; 
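Review bot: the comment above initMultiowned still calls it a constructor, yet the body shown here unconditionally writes msg.sender into m_owners[1] and m_ownerIndex, so marking it internal removes the direct external entry point but nothing in these lines stops existing owners from being overwritten if the function is reached again through another public function. Suggest adding an explicit already-initialized check inside the function (for example on m_numOwners) and rewording the comment to say it may only be called from the wallet initializer.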


D 


(X9 -198,7 *198,7 @@ contract WalletLibrary is walletEvents 


// constructor - stores initial daily limit and records the present day's index. 
- function initbaylimit(uint limit) { 
+ function initDaylimit(uint limit) internal ( 


// constructor - just pass on the owner array to the multiowned and 
// the limit to daylimit 
- function initwallet(address[] owners, uint required, uint _daylimit) ( 
-19 + function initwallet(address[] owners, uint required, uint daylimit) only uninitialized { 
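Review bot: on the initwallet line the new only_uninitialized modifier is the only thing that prevents re-initialization, and its definition is not among the visible lines, so it needs to be part of the same review, with confirmation that it throws whenever owners are already set. initwallet also carries no explicit visibility and stays externally callable while initMultiowned and initDaylimit become internal; declare that visibility explicitly and add a test showing that a second initwallet call on an initialized instance fails.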
Transaction Information

TxHash: Ox9db0326 a03a2a37 19227 bedfab9aacc9857fd231 a8dIdcaede4bb083def75ec
Block Height: 4043800 (28739 block confirmations)
TimeStamp: 6 days 5 hrs ago (Jul-19-2017 12:18:15 PM +UTC)
From: 0xb3764761e297d6f121e79c32a65829cd1ddb4d32 (MultisigExploit-Hacker)
To: Contract 0xbec591de75b8699a3ba521073428822d0bfc0d7e
Value: 0 Ether ($0.00)
Gas Limit: 82703
Gas Price: 0.000000021 Ether (21 Gwei)
Gas Used By Txn: 66839
Actual Tx Cost/Fee: 0.001403619 Ether ($0.29)
Cumulative Gas Used: 1283734
Nonce:
Input Data:

Function: initwallet(address[] _owners, uint256 required, uint256 daylimit)

MethodID: 0xe46dcfeb
[0]: 0000000000000000000000000000000000000000000000000000000000000060
[1]: 0000000000000000000000000000000000000000000000000000000000000000

Transaction Information

TxHash: Oxeef10fc5170f669b686c4cd0444862a96087221325f8bf2f55d6188633aa7 be7c
Block Height: 4043802 (28738 block confirmations)
TimeStamp: 6 days 5 hrs ago (Jul-19-2017 12:19:36 PM UTC)
From: 0xb3764761e297d6f121e79c32a65829cd1ddb4d32 (MultisigExploit-Hacker)
To: Contract 0xbec591de75b8699a3ba521073428822d0bfc0d7e
TRANSFER 82,189 Ether to 0xb3764761e297...
Value: 0 Ether ($0.00)
Gas Limit: 78926
Gas Price: 0.000000021 Ether (21 Gwei)
Gas Used By Txn: 58433
Actual Tx Cost/Fee: 0.001227093 Ether ($0.25)
Cumulative Gas Used: 1821881
Nonce: 6
Input Data:

MethodID: 0xb61d27f6
[0]: 000000000000000000000000b3764761e297d6f121e79c32a65829cd1ddb4d32
[1]: 00000000000000000000000000000000000000000000116779808c03e4140000


Parity 2

devops199 commented 22 hours ago (edited)

I accidentally killed it.

https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4

Parity 2

Function: initwallet(address...
MethodID: 0xe46dcfeb

Function: kill(address...
MethodID: 0xcbf0b0c0
[0]: 0000000000000000000000009e7168deb5258...
OpenZeppelin / zeppelin-solidity
zeppelin-solidity / contracts / math / SafeMath.sol (branch: master)

pragma solidity ^0.4.21;

library SafeMath {
    // Multiplies two numbers, throws on overflow.
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }
        uint256 c = a * b;
        assert(c / a == b);
        return c;
    }
}
King of the ether

https://github.com/kieranelby/KingOfTheEtherThrone/blob/v0.4.0/contr

uint compensation = valuePaid - wizardCommission;

if (currentMonarch.etherAddress != wizardAddress) {
    // The return value of send() is not checked here.
    currentMonarch.etherAddress.send(compensation);
} else {
    // When the throne is vacant, the fee accumulates for the wizard.
}

// Unchecked send: the flag is set even if send() fails.
if (kingOfLosingDone && !(compensationSent)) {
    monarch.send(/* arguments lost in extraction */);
    compensationSent = true;
}

// Checked send: the flag is set only when send() succeeds.
if (kingOfLosingDone && !(compensationSent)) {
    if (monarch.send(/* arguments lost in extraction */))
        compensationSent = true;
    else throw;
}
[Screenshot: Ethereum network status dashboard with panels BEST BLOCK, UNCLE COUNT, LAST BLOCK, ACTIVE NODES 52/53, GAS PRICE, GAS LIMIT, BLOCK TIME, DIFFICULTY, BLOCK PROPAGATION, TRANSACTIONS, GAS SPENDING]
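contract SendContract {
    address public richest;
    uint public mostSent;

    function SendContract() payable {
        richest = msg.sender;
        mostSent = msg.value;
    }

    function becomeRichest() payable returns (bool) {
        if (msg.value > mostSent) {
            // Pushes the payment: a failing transfer blocks every later caller.
            richest.transfer(msg.value);
            richest = msg.sender;
            mostSent = msg.value;
            return true;
        } else {
            return false;
        }
    }
}

contract WithdrawalContract {
    address public richest;
    uint public mostSent;

    mapping (address => uint) pendingWithdrawals;

    function WithdrawalContract() payable {
        richest = msg.sender;
        mostSent = msg.value;
    }

    function becomeRichest() payable returns (bool) {
        if (msg.value > mostSent) {
            // Records the amount owed instead of sending it.
            pendingWithdrawals[richest] += msg.value;
            richest = msg.sender;
            mostSent = msg.value;
            return true;
        } else {
            return false;
        }
    }

    function withdraw() {
        uint amount = pendingWithdrawals[msg.sender];
        // Zero the pending amount before sending.
        pendingWithdrawals[msg.sender] = 0;
        msg.sender.transfer(amount);
    }
}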
Wrong guess

Thanks. I win

Puzzles (TOD)

contract Puzzle {
    address public owner;
    bool public locked;
    uint public reward;
    bytes32 public diff;
    bytes public solution;

    function Puzzle() {
        owner = msg.sender;
        reward = msg.value;
        locked = false;
        diff = bytes32(11111);
    }

    function() {
        if (msg.sender == owner) {
            // The owner updates the reward.
            if (locked)
                throw;
            owner.send(reward);
            reward = msg.value;
        } else if (msg.data.length > 0) {
            // A player submits a solution.
            if (locked)
                throw;
            if (sha256(msg.data) < diff) {
                msg.sender.send(reward);
                solution = msg.data;
                locked = true;
            }
        }
    }
}
INFO:symExec: ============ Results ===========
INFO:symExec: EVM Code Coverage: 99.5%
INFO:symExec: Parity Multisig Bug 2:
INFO:symExec: Callstack Depth Attack Vulnerability:
INFO:symExec: Transaction-Ordering Dependence (TOD):
INFO:symExec: Timestamp Dependency:
INFO:symExec: Re-Entrancy Vulnerability:
INFO:symExec: ====== Analysis Completed ======


Ethereum

Announcement of imminent hard fork for EIP150 gas cost changes:

During the last couple of weeks, the Ethereum network has been the target of a sustained attack. The attacker(s) have been very crafty in locating vulnerabilities in the client implementations as...
Player[] persons;

uint payoutCursor_Id_ = 0;
uint balance = 0;

address owner;

uint payoutCursor_Id = 0;

while (balance > persons[payoutCursor_Id_].deposit / 100 * 115) {
    uint MultipliedPayout = persons[payoutCursor_Id_].deposit / 100 * 115;
    // As written, the payment is indexed by payoutCursor_Id, not payoutCursor_Id_.
    persons[payoutCursor_Id].etherAddress.send(MultipliedPayout);

    balance -= MultipliedPayout;
    payoutCursor_Id_++;
}